jimbocoin on Nostr: I guess I should specify that I’m open to a different approach wherein using Nostr ...
I guess I should specify that I’m open to a different approach wherein using Nostr keys and some other key (gpg) a user can mutually sign.
That is, the user uses Nostr to sign a message declaring ownership of the gpg key, and the gpg key to declare ownership of the Nostr identity. Only someone with both keys could do this.
Curious if anyone has written up a specification for this approach, which would allow Nostr follows to bridge into web-of-trust for, say, binary attestation with gpg.
So for example. I recently got Qubes OS. Downloaded the iso through BitTorrent, then validated against their signing key, which I had to download and install separately.
Could this process be made simpler by having a Qubes OS nostr identity which co-signed the gpg key proof? Then as long as I follow someone who transitory follows Qubes OS on Nostr, a UI could show me the trust graph and I could approve it (or something).
That is, the user uses Nostr to sign a message declaring ownership of the gpg key, and the gpg key to declare ownership of the Nostr identity. Only someone with both keys could do this.
Curious if anyone has written up a specification for this approach, which would allow Nostr follows to bridge into web-of-trust for, say, binary attestation with gpg.
So for example. I recently got Qubes OS. Downloaded the iso through BitTorrent, then validated against their signing key, which I had to download and install separately.
Could this process be made simpler by having a Qubes OS nostr identity which co-signed the gpg key proof? Then as long as I follow someone who transitory follows Qubes OS on Nostr, a UI could show me the trust graph and I could approve it (or something).